Elexon, the company that plays a central role in the balancing and settlement of the UK power system, has been hit by a cyber attack.
Elexon has close ties with core power system programmes and processes, particularly with the UK system operator.
It settles the payments between generators, suppliers and traders, working closely with National Grid ESO to keep the lights on in the UK.
It also handles EMR payments – government contracts for difference (CfDs) for renewable generators, as well as capacity market payments, paid to power generators as a winter insurance policy.
The company sought to reassure market participants that the attack was contained to its own internal IT systems – and had not spread to either balancing and settlement code central systems or EMR.
However, related parties are now checking their own systems for potential breaches.
National Grid ESO stated: “We’re aware of a cyber attack on Elexon’s internal IT systems. We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats.”
“We are advising you that today that ELEXON’s internal IT systems have been impacted by a cyber attack. BSC Central Systems and EMR are currently unaffected and working as normal. The attack is to our internal IT systems and ELEXON’s laptops only. We are currently working hard to resolve this.”
It updated the market just before 4pm, stating it had “identified the root cause” and was “taking steps to restore our internal IT systems”.
Utilities and related parties face a growing threat from cyber attacks, with some, such as Statkraft reporting more than 150 attacks per year.